What is CVE-2023-30798?

CVE-2023-30798 is a high-severity vulnerability in Encode Starlette, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2023-04-21.

How severe is CVE-2023-30798?

High severity. CVSS v3 base score is 7.5 out of 10.

Resource exhaustion in Encode Starlette

CVE-2023-30798

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denia…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.020 (83.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Encode Starlette — versions 0

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x (vendor-advisory)
github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa (patch)
vulncheck.com/advisories/starlette-multipartparser-dos (third-party-advisory)

Frequently asked questions

What is CVE-2023-30798?: CVE-2023-30798 is a high-severity vulnerability in Encode Starlette, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2023-04-21.
How severe is CVE-2023-30798?: High severity. CVSS v3 base score is 7.5 out of 10.